Configuration on Root DNS Server:
The root zone maintains information regarding top-level domains. Root-zone servers for the internet's top-level domains are already deployed. With this you can create your own internet naming scheme, which is usually done in intranets that have their own top-level domains.
- Install bind packages
- yum install bind bind-utils bind-chroot bind-libs
- Edit named.conf
- vi /etc/named.conf
*remove the allow-query line (the default allow-query { localhost; }; restricts queries to the local machine; without it named answers any client)
*optional remove recursion line (this server is authoritative for the root only and never needs to recurse, so recursion no; is the stricter choice here)
zone "." IN {
type master;
file "root.net";
};
- Create and edit root.net
- vi /var/named/root.net
*zone files use ; for comments (// is only valid inside named.conf)
$TTL 1D ; default TTL for records that do not carry one
@ IN SOA root.msm.net. admin.root.msm.net. (
535 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS root.msm.net.
root.msm.net. 999999 IN A 192.168.12.4 ; root server's ip and fqdn (glue)
msm.net. IN NS ns.msm.net. ; zone name and primary server's fqdn (delegation)
12.168.192.in-addr.arpa IN NS ns.msm.net. ; reverse zone name and fqdn of primary dns server
ns.msm.net. IN A 192.168.12.2 ; fqdn and ip of primary dns server (glue); add similar entries for a secondary dns server below
- Open firewall ports
- iptables -I INPUT -p tcp --dport 53 -j ACCEPT
- iptables -I INPUT -p udp --dport 53 -j ACCEPT
*these rules are not persistent; run service iptables save to keep them after a reboot
- edit resolv.conf
- vi /etc/resolv.conf
# the server's own ip address, used here only to check that named answers
nameserver 192.168.12.4
- Start named daemon
- service named start
- Query some records that are stored in the primary server's database
- nslookup
- cache.msm.net (typed at the nslookup prompt)
Configuration on Cache DNS server:
When BIND (named) is installed, by default it configures the machine as a caching server. All we have to do is change the file name in named.conf and create a hints file that points at our own root DNS server.
- Install bind packages
- yum install bind bind-utils bind-chroot bind-libs
- Edit named.conf
- vi /etc/named.conf
listen-on port 53 { 192.168.12.5; }; //change this to your ip address
*Remove the allow-query line
*Remove dnssec-lookaside auto;
*DON'T remove the recursion line. Of all the servers, this is the only one that must do recursion
*with allow-query removed, this server recurses for any client that can reach port 53; keep it on the intranet or restrict it with allow-recursion { 192.168.12.0/24; };
zone "." IN {
type hint;
file "file.ca";
};
*Remove include "/etc/named.root.key"; (it holds the trust anchor for the public root, which cannot validate answers from a private root)
- Create and edit file.ca
- vi /var/named/file.ca
*root hints are NS records for "." plus their glue A records; without the NS line named has no root server to ask
. 999999 IN NS root.msm.net. ; the root zone is served by this name
root.msm.net. 999999 IN A 192.168.12.4 ; fqdn and ip address of root dns server (glue)
- Open firewall ports
- iptables -I INPUT -p tcp --dport 53 -j ACCEPT
- iptables -I INPUT -p udp --dport 53 -j ACCEPT
*these rules are not persistent; run service iptables save to keep them after a reboot
- edit resolv.conf
- vi /etc/resolv.conf
# the server's own ip address
nameserver 192.168.12.5
- Start named daemon
- service named start
- Query some records that are stored in the primary server's database
- nslookup
- cache.msm.net (typed at the nslookup prompt)
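Before starting named on either machine, here is an added example that is not part of the original post: a small POSIX shell script that lints the root.net file from the root-server section and the file.ca hints file from this section. The lint rules (an SOA present, an NS record for ".", and a glue A record for every NS target) are this example's own assumptions about what a working private root needs, not the output of any BIND tool; the sample files it writes are constructed from the post's configuration, plus one deliberately broken hints file so the failure case is visible.

```shell
#!/bin/sh
# Added example, not part of the original post: lint the hand-written
# root.net and file.ca before starting named, so a missing glue record or
# a hints file without an NS line is caught before named complains.
# The rules are this example's own assumptions about a working private root:
#   - root.net: an SOA, an NS record for "." and a glue A record for every
#     name used as an NS target
#   - file.ca: an NS record for "." plus the glue A record for its target
# Names are compared literally, so write them fully qualified (trailing dot)
# as the post's files do. The sample files are built from the post's
# configuration plus one deliberately broken hints file (bad.ca).

# Print a zone file with ';' comments and blank lines stripped.
zone_records() {
    sed 's/;.*$//' "$1" | grep -v '^[[:space:]]*$'
}

# Print the target of every NS record (the field after the NS type token).
ns_targets() {
    zone_records "$1" | awk '{ for (i = 2; i < NF; i++) if ($i == "NS") print $(i + 1) }' | sort -u
}

# Print the owner name of every A record.
a_owners() {
    zone_records "$1" | awk '{ for (i = 2; i < NF; i++) if ($i == "A") print $1 }' | sort -u
}

# True when the file contains an SOA record.
has_soa() {
    zone_records "$1" | awk '{ for (i = 2; i < NF; i++) if ($i == "SOA") f = 1 } END { exit !f }'
}

# True when the root (written as @ or .) has an NS record.
has_root_ns() {
    zone_records "$1" | awk '($1 == "@" || $1 == ".") { for (i = 2; i < NF; i++) if ($i == "NS") f = 1 } END { exit !f }'
}

# True when every NS target has a glue A record in the same file.
glue_ok() {
    owners=$(a_owners "$1")
    for t in $(ns_targets "$1"); do
        echo "$owners" | grep -Fqx "$t" || { echo "$1: no A record for NS target $t" >&2; return 1; }
    done
    return 0
}

check_root_zone() {
    has_soa "$1"     || { echo "$1: no SOA record" >&2; return 1; }
    has_root_ns "$1" || { echo "$1: no NS record for the root" >&2; return 1; }
    glue_ok "$1"
}

check_hints() {
    has_root_ns "$1" || { echo "$1: no NS record for the root (a bare A record is not a hint)" >&2; return 1; }
    glue_ok "$1"
}

# Write the sample files (constructed from the post's configuration) into $1.
write_samples() {
    cat > "$1/root.net" <<'EOF'
$TTL 1D
@ IN SOA root.msm.net. admin.root.msm.net. (
535 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS root.msm.net.
root.msm.net. 999999 IN A 192.168.12.4 ; root server glue
msm.net. IN NS ns.msm.net. ; delegation of msm.net
12.168.192.in-addr.arpa IN NS ns.msm.net. ; delegation of the reverse zone
ns.msm.net. IN A 192.168.12.2 ; glue for ns.msm.net
EOF
    cat > "$1/file.ca" <<'EOF'
. 999999 IN NS root.msm.net.
root.msm.net. 999999 IN A 192.168.12.4
EOF
    # Broken on purpose: glue only, no NS record, so named has no root to ask.
    cat > "$1/bad.ca" <<'EOF'
root.msm.net. 999999 IN A 192.168.12.4
EOF
}

# Also run BIND's own zone checker when it is installed (not required here).
bind_checks() {
    command -v named-checkzone >/dev/null 2>&1 && named-checkzone . "$1/root.net"
    return 0
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_root_zone "$tmp/root.net" && echo "root.net: ok"
check_hints "$tmp/file.ca"      && echo "file.ca: ok"
check_hints "$tmp/bad.ca"       || echo "bad.ca: rejected as expected"
bind_checks "$tmp"
rm -rf "$tmp"
```

To lint your real files instead of the samples, call check_root_zone /var/named/root.net on the root server and check_hints /var/named/file.ca on the cache server; named-checkzone and named-checkconf (from bind-utils and bind) remain the authoritative syntax checks once named is installed.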
See this Wikipedia page for more information on what is being done:
http://en.wikipedia.org/wiki/Alternative_DNS_root
That's all folks.
Enjoy.